15 matches found
CVE-2022-0385
The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and escape the username submitted via the login form when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting...
CVE-2015-9430
The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header...
WordPress Crazy Bone plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in WordPress Crazy Bone plugin 0.6.0 and earlier versions, which stems fr...
CVE-2022-0385
The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and escape the username submitted via the login form when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting...
CVE-2022-0385
The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and escape the username submitted via the login form when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting...
CVE-2022-0385
The CVE-2022-0385 entry relates to the WordPress Crazy Bone plugin (versions
CVE-2022-0385 Crazy Bone <= 0.6.0 - Unauthenticated Stored XSS
The Crazy Bone WordPress plugin through 0.6.0 does not sanitise and escape the username submitted via the login form when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting...
WordPress cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in WordPress Crazy Bone plugin 0.6.0 and earlier versions, which stems fr...
Crazy Bone <= 0.6.0 - Unauthenticated Stored XSS
The plugin does not sanitise and escape the username submitted via the login form when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting. curl 'https://example.com/wp-login.php' --data-raw 'log=a&pwd=x&wp-submit=Log+In' The XSS will be triggered in...
Crazy Bone <= 0.6.0 - Unauthenticated Stored XSS
The plugin does not sanitise and escape the username submitted via the login form when displaying them back in the log dashboard, leading to an unauthenticated Stored Cross-Site scripting. PoC: curl 'https://example.com/wp-login.php' --data-raw 'log=a=x&wp-submit=Log+In' The XSS will be triggered in...
WordPress Crazy Bone plugin <= 0.6.0 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Krzysztof Zając in WordPress Crazy Bone plugin versions <= 0.6.0. Solution: Deactivate and delete. This plugin has been closed as of January 26, 2022 and is not available for download. This closure is temporary, pending a...
Design/Logic Flaw
The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header...
CVE-2015-9430
CVE-2015-9430 affects the Crazy Bone WordPress plugin (before version 0.6.0). The issue is an XSS vulnerability via the User-Agent HTTP header. Multiple connected sources confirm the same root cause and affected component. The wpvulndb entry additionally aligns with stored XSS scenarios for earli...
Crazy Bone <= 0.5.5 - Unauthenticated Stored Cross-Site Scripting (XSS)
The Crazy Bone WordPress plugin was affected by an Unauthenticated Stored Cross-Site Scripting (XSS) security vulnerability...
WordPress Crazy Bone Plugin <= 0.5.5 - Stored Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution: Upgrade this plugin...